sdk/python/Cryptography/PyGetpass

PyGetpass

The getpass module. getpass.getpass() prompts for a password without echoing. getpass.getuser() returns the current user — source when used for authorization decisions.

2 sources

Taint flow2 sources → 0 sinks

Sources — untrusted input

.getpass()Prompts for password

.getuser()Returns the current login name

Sources

— user-controlled input enters here

.getpass()Source

Signature

getpass.getpass(prompt='Password: ', stream=None) -> str

Prompts for password. Source (user-controlled).

tracks:return

.getuser()Source

Signature

getpass.getuser() -> str

Returns the current login name. Source when used for access checks (env variables can spoof).

tracks:return

Fully-Qualified Names

FQN	Field
getpass	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

rule.py

from codepathfinder.go_rule import PyGetpass

← PreviousPyCryptography

Next →PyHashlib